Skip to main content

Hacking WebServer : Brute Forcing

Hello Friends.
                      Today I am going to show you how to develop a word list and use brute force the login authentication to access certain directory in web server.

 Basic Things Required
1.Java SDK and JRE [this will be required to develop the word list. ]
2.Any IDE like BlueJ or NetBeans or Eclipse . You can use notepad but you need to compile that manually.It is not necessary you need to create word list using Java only.You can use any programming language you feel comfortable. 
3.Brutus or THC Hydra [Brute Force tools]

CAUTION
"This tutorial should be used for educational purpose only. I won't be responsible if you misuse this techniques and get yourself in trouble.Sometimes (rarely although) performing Brute Force attacks can lead do DOS attacks. To prevent this sometimes system admin keeps tracks of the incoming connections . If they find that too many requests are being sent from a particular IP then they block that IP for sometime, sometimes even Bans them. Some web servers also deploy IDS in their web server to prevent brute force attacks . Performing this technique is completely illegal."
Word List Generator Source Code
Here is a small code written in Java that can be used to create a simple 2 lettered word list.

*******************Code Starts Below This Line************************

public class WordList{
    public static void main(String args[]){
        for(int i=0;i<26;i++){
            for(int j=0;j<26;j++){
                char c1=(char)('a'+i);
                char c2=(char)('a'+j);
                 System.out.println(c1+""+c2);
            }
        }
    }
}
**************************Code Ends Above This Line*******************
  • You can manually compile the code by saving it in a file having  same name as the class name and having  extension an extension .java. Compile it by using the command
          javac WordList.java

         And execute it by 

          java WordList.class

  • Find the directory that requires the login username and password.



  • Now that You have got the directory that requires credentials, try to access it and you will find a prompt asking for credentials.



  • Now here 2 different cases can arise. Sometimes username is already provided and you need to provide password only and sometimes neither are provided. If you don't find the username then you need to create different word list for username.Now its time for Brutus to play his role.
  • Perform the details I provided in this image. Sometimes you need to customize  the settings it in a different way.


 After Brutus provides a positive result you can enter the username and password at the login prompt and access the directory.

#################################################################################

Popular posts from this blog

KringleCon : Sans Holiday Hack 2018 Writeup

SANS HOLIDAY HACK 2018 Writeup , KRINGLECON The objectives  Orientation Challenge  Directory Browsing  de Bruijn Sequences  Data Repo Analysis  AD Privilege Discovery  Badge Manipulation  HR Incident Response  Network Traffic Forensics  Ransomware Recovery  Who Is Behind It All? First I go to Bushy Evergreen and try to solve the terminal challenge . Solving it is fairly easy , Escape_Key followed by  ":q" without quotes After this we move to the kiosk and solve the questions The question were based on the themes of previous Holiday Hack Challenges. Once we answer it correctly we get the flag. For this I visited Minty Candycane and I tried to solve the terminal challenge.  The application has command injection vulnerability , so injecting a system command with the server ip allows execution of the command. So first I perform an `ls` operation to list of the directory contents , followed by a cat of t
Read more

Linux Privilege Escalation : SUID Binaries

After my OSCP Lab days are over I decided to do a little research and learn more on Privilege Escalation as it is my weak area.So over some series of blog post I am going to share with you some information of what I have learnt so far. The methods mentioned over here are not my own. This is something what I have learnt by reading articles, blogs and solving CTFs SUID - Set User ID The binaries which has suid enabled, runs with elevated privileges. Suppose you are logged in as non root user, but this suid bit enabled binaries can run with root privileges. How does a SUID Bit enable binary looks like ? -r- s r-x---  1 hack-me-bak-cracked hack-me-bak         7160 Aug 11  2015 bak How to find all the SUID enabled binaries ? hack-me-bak2@challenge02:~$ find / -perm -u=s 2>/dev/null /bin/su /bin/fusermount /bin/umount /usr/lib/openssh/ssh-keysign /usr/lib/eject/dmcrypt-get-device /usr/lib/dbus-1.0/dbus-daemon-launch-helper /usr/bin/gpasswd /usr/bin/newgrp /usr/bin
Read more

Bluetooth Low Energy : Build, Recon,Enumerate and Attack !

Introduction In this post I will try to share some information on bluetooth low energy protocol. Bluetooth Low Energy ( BLE ) is Bluetooth 4.0.It has been widely used in creating "smart" devices like bulbs that can be controlled by mobile apps, or electrical switches that can be controlled by mobile apps. The terms Low Energy refers to multiple distinctive features that is operating on low power and lower data transfer. Code BLE Internals and Working The next thing what we need to know is a profile. Now every bluetooth device can be categorized based on certain specification which makes it easy. Here we will take a close look into two profiles of Bluetooth which is specifically designed for BLE. Generic Access Profile (GAP) - This profiles describes how two BLE devices defines discovery and establishment of connection with each other. There are two types of data payload that can be used. The Advertising Data Payload and Scan Response Payload . The GAP uses br
Read more